GENERAL PROVISIONS
1.1. This Privacy Policy is addressed to Users and other individuals using the application available at oterion.com (hereinafter referred to as: the "Application"), who conclude service sales agreements with the Controller as part of their business or professional activities (in B2B transactions).
1.2. This Policy sets out the principles for collecting and processing personal data obtained by the Controller both during the registration of an account in the Application and when using the Application’s functionalities, as well as at the stage preceding the above-mentioned activities.
1.3. This Policy also applies to the processing of personal data of individuals following the Controller’s profile on linkedin.com, as well as to persons interested in employment with the Controller.

PERSONAL DATA CONTROLLER
2.1. The Personal Data Controller is Oterion sp. z o.o., ul. Mogilska 35, 31-545 Kraków, Poland, KRS (National Court Register No.): 0001111726, NIP (TAX ID): PL6751800508. Additional contact details of the Controller: e-mail: info@oterion.com

LEGAL BASIS FOR PERSONAL DATA PROCESSING
3.1. Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).
3.2. The legal basis for processing your personal data by the Controller is:

• Your consent (Article 6(1)(a) GDPR);

• The necessity to perform contracts concluded with the Controller, as well as to take actions at your request prior to concluding such contracts (Article 6(1)(b) GDPR);

• The necessity to fulfill a legal obligation incumbent on the Controller (Article 6(1)(c) GDPR).

3.3. Providing your personal data on the basis of the above points (a) and (b) is voluntary; however, refusing to provide the data will prevent you from using the Application and the electronic services provided by the Controller.
3.4. Your personal data may be processed in connection with the Controller’s legitimate interests to secure and pursue claims, as well as for direct marketing of services provided by the Controller (e.g., via newsletter) (Article 6(1)(f) GDPR).

PURPOSES AND SCOPE OF PERSONAL DATA PROCESSING
4.1. Your personal data will be processed:

• For purposes and to the extent necessary in connection with the conclusion and performance of a contract, or to take steps at your request prior to entering into a contract (e.g., submitting an inquiry about the Application via the contact form, subscribing to the newsletter, downloading additional materials such as an e-book);

• For the purpose of complying with a legal obligation incumbent on the Controller (e.g., resulting from accounting and tax regulations);

• For purposes resulting from the legitimate interests pursued by the Controller (i.e., securing and pursuing claims, marketing of its own products and services).

4.2. In connection with the above processing purposes, the Controller will, in particular, process the following personal data of Clients (Application Users): company name, first and last name of the contact person, e-mail address, phone number, tax ID (NIP), registered office address or mailing address. The Controller will also process such data as cookies and IP addresses.
4.3. In connection with the performance of agreements with the Client, the Controller will also process personal data of individuals granted access to the Application by the Client (e.g., employees) in the following scope: first and last name, position, phone number, e-mail address, as well as IP address and cookies.
4.3. In the cases mentioned above in section 4.3., the Controller and the Client are parties to a data processing agreement, under which the Controller acts as a Processor as defined in Article 4(8) GDPR.

SHARING PERSONAL DATA
5.1. Your personal data will be disclosed to competent state authorities or third parties if such an obligation arises from generally applicable law.
5.2. For the proper provision of its services, the Controller may share your personal data with the entity handling electronic or card payments, the bank maintaining the Controller’s bank account to enable payment for services, and with an accounting office. The Controller may also share your personal data with hosting providers and IT companies that support the Controller in the proper provision of its services, an entity providing e-mail services to the Controller, as well as an entity providing technical support for the Application.
5.3. The Controller processes personal data obtained directly from you (data subjects). In the case of employees and individuals providing services to the Controller’s Clients under civil law contracts – your data may be obtained from that Client.

DATA PROTECTION
6.1. The Controller is obliged to protect your data collected during your use of the Application in accordance with applicable laws and in line with the highest standards of data security and protection.
6.2. The Controller ensures the security of personal data through appropriate technical and organizational measures aimed at preventing unlawful data processing, accidental loss, destruction, and damage. The Controller takes all possible measures so that personal data is:

• Processed fairly and lawfully,

• Obtained only for specified purposes and not processed further in a manner incompatible with those purposes,

• Adequate, relevant, and not excessive,

• Accurate and up to date,

• Not kept longer than necessary,

• Processed in accordance with the rights of data subjects, including the right to restrict disclosure,

• Stored securely,

• Not transferred without adequate protection.

6.3. Personal data sets are secured against access by third parties. Only persons authorized by the Controller, trained in data protection and obligated to keep your personal data confidential, are allowed to process your personal data.
6.4. Personal data collected to conclude or perform a contract and fulfill a legal obligation incumbent on the Controller is stored for the period necessary to: (1) secure or pursue possible claims arising from the contract, (2) perform the contract (e.g., handle complaints), and (3) comply with the legal obligation imposed on the Controller (resulting, for example, from accounting and tax regulations). Personal data processed for marketing purposes and other purposes than those mentioned above will be processed until you withdraw your previously granted consent for processing for this purpose or until you object. The data of employees and other individuals authorized by the Client will be processed until the expiration of claims arising from the underlying relationship between the Client and the Controller or until it is independently removed from the Application by the Client or another authorized individual.

RIGHTS
7.1. You have the right to request from the Controller access to your personal data, its rectification, erasure, or restriction of processing, the right to object to processing, as well as the right to data portability. You have the right to withdraw previously given consent to personal data processing at any time.
7.2. You have the right to obtain from the Controller the following information:

• The purpose, scope, and methods of processing your personal data;

• From when your data has been processed;

• The source from which your data originates;

• The recipients or categories of recipients to whom the data is disclosed.

7.3. Additionally, at your request, the Controller will supplement, update, and correct your personal data, as well as suspend (temporarily or permanently) its processing or remove it if your data proves to be incomplete, outdated, untrue, or collected in violation of the law, or is no longer necessary for the purpose for which it was collected.
7.4. Moreover, if your data is processed by the Controller for direct marketing purposes, you have the right at any time to object to the processing of your personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing. To exercise the rights mentioned in this paragraph, you must submit an appropriate request to the Controller’s e-mail address.
7.5. You have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data violates applicable regulations.

DATA CHANGES
8.1. If your personal data changes, please update it yourself in your user account or inform the Controller electronically at the Controller’s e-mail address.

COOKIES
9.1. The Controller states that it uses "cookies."
9.2. Cookies are information sent by a server that is stored on your device (e.g., your computer’s hard drive or your phone’s memory).
9.3. Data obtained through cookies does not enable the Controller to identify you, but it allows the Controller to determine whether the Application has been visited using a particular device (which does not mean identifying who visited the Application) and what the user’s preferences were at that time (what interested the user the most in the Application).
9.4. The Controller uses internal cookies for:

• Ensuring the proper functioning of the Application,

• Statistical purposes,

• Adapting the Application to your preferences.

9.5. The Controller may place both persistent and temporary cookies on your device.
9.6. Temporary cookies are typically deleted when the browser is closed, whereas persistent cookies are not deleted when the browser is closed.
9.7. Temporary cookies are used to identify the User as logged in.
9.8. Persistent cookies ensure certain functionalities not only during the current session but also throughout their storage period on the device. Persistent cookies are used for: collecting information on how the Application is used, including which subpages are visited and any errors encountered; checking the effectiveness of the Application’s advertisements; improving the Application’s performance by recording errors; testing various stylistic variants of the Application; remembering Users’ settings regarding their preferences; and showing Users that they are logged into the Application.
9.9. The Application uses Google Analytics, which uses cookies placed on your device to create statistics regarding traffic size and usage.
9.10. The Controller uses online marketing and advertising tools to advertise the Application and its services. These tools may use cookies placed on your device.
9.11. You can delete cookies left by the Application from your device at any time following the instructions of your web browser’s manufacturer.
9.12. You can also block cookies from accessing your device by configuring your browser settings accordingly; however, in that case, the Application may not function properly.
9.13. The Controller uses a server that automatically saves information in server logs for the purpose of analyzing the IT system’s operation. These logs contain information about the device you use to connect to the Application, i.e., the type of device and browser you use, your computer’s IP address, the date and time of entry, a textual description of the event, and a classification of the event.
9.14. Only persons authorized to administer the IT system have access to log files. Log files may be used to compile statistics to assess traffic in the Application and the occurrence of errors, which do not allow for your identification.

FINAL PROVISIONS
10.1. In the future, it may be necessary to update the principles set out in this Privacy Policy. In that case, the Controller will inform you of any changes to the content of this Policy. The updated principles will be available on the website under which the Application is posted.